- CheckMates
- :
- Products
- :
- Quantum
- :
- Security Gateways
- :
- Re: R80.40 Inbound Inspection Issue - Client gets ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
R80.40 Inbound Inspection Issue - Client gets download file instead of site
We upgraded our environment from R80.30 to R80.40 this weekend.
After the upgrade, our inbound https inspection rule for our site stopped working. Instead of receiving the webpage, the client gets an error "Page cannot be reached" and get an automatic download of a file called "download" which contains the letter "D" as it's content.
We've tried rebuilding the rule, re-importing the certificate and so far no luck in making it work.
Is anyone aware of any changes in inspection for R80.40.... Is there anything I am missing?
It was pretty straighforward to make it work in R80.30. Not sure why it's failing here.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just have learned about the current status:
There is a project to integrate the hotfix into the next Jumbo, but right now it is only a development build. There is an available port for Jumbo Hotfix take 78 - a bit dated, but still should be usable.
By the way, there is also a workaround to Disable HTTP2 so that it behaves similar to R80.30 or lower:
# ckp_regedit -a SOFTWARE\\CheckPoint\\FW1 IGNORE_ALPN_EXTENSION 1
# fw fetch local
To re-enable HTTP2:
# ckp_regedit -a SOFTWARE\\CheckPoint\\FW1 IGNORE_ALPN_EXTENSION 0
# fw fetch local
So Jumbo Hotfix take 78 and the HF fw1_wrapper_HOTFIX_R80_40_JHF_T78_810_MAIN_GA_FULL.tgz for sk169375 are the current solution apart from R81.
I hope it is correct to share this here - i will remove it if not 8)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This HF is included in Jumbo Hotfix Accumulator for R80.40 starting from Take 91.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you opened a TAC case?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey, Yeah I have a case opened with TAC
I figured I'd ask the community in case someone had already experienced something similar and had the answer
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, was this issue resolved? Could you please share a case number or a solution?
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Check Point has provided me with a hotfix that has fixed the issue. It will be released as part of one of the upcoming R80.40 jumbo.
Everything is now working great.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Mhebert,
Good that it is solved the issue.
I would appreciate if you will share with me what was a hotfix / any identification of this fix or if you have information that it is included in the next Jumbo HF Take_83?
Thanks a lot!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sk169375.
This issue fixed in R81 and a fix will be integrated to the jumbo R80.40 soon.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just have learned about the current status:
There is a project to integrate the hotfix into the next Jumbo, but right now it is only a development build. There is an available port for Jumbo Hotfix take 78 - a bit dated, but still should be usable.
By the way, there is also a workaround to Disable HTTP2 so that it behaves similar to R80.30 or lower:
# ckp_regedit -a SOFTWARE\\CheckPoint\\FW1 IGNORE_ALPN_EXTENSION 1
# fw fetch local
To re-enable HTTP2:
# ckp_regedit -a SOFTWARE\\CheckPoint\\FW1 IGNORE_ALPN_EXTENSION 0
# fw fetch local
So Jumbo Hotfix take 78 and the HF fw1_wrapper_HOTFIX_R80_40_JHF_T78_810_MAIN_GA_FULL.tgz for sk169375 are the current solution apart from R81.
I hope it is correct to share this here - i will remove it if not 8)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I sort of dropped the ball on my thread once the issue was fixed for me.
That's exactly what I had ended up doing with the help of TAC. It resolved my issue.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This HF is included in Jumbo Hotfix Accumulator for R80.40 starting from Take 91.
![](/skins/images/AB448BCC84439713A9D8F01A2EF46C82/responsive_peak/images/icon_anonymous_message.png)